AI Security
AI / LLM security — prompt injection, data poisoning, agent threat models, building trustworthy AI, optimisation, and the architecture of trending AI products.
MCP Security: Tool Poisoning and the Risk in AI Agents
MCP security explained: how tool poisoning hides malicious instructions in tool metadata, the supply-chain risk to AI agents, and the defences that…
AI SecurityPrompt Injection Attacks in 2026: Still the #1 LLM Risk
Prompt injection attacks remain OWASP LLM01 in 2026. How direct and indirect injection work, why agentic AI raises the stakes, and how…
AI SecurityOWASP Top 10 for Agentic Applications (2026): What Changed and Why It Matters
The OWASP Top 10 for Agentic Applications (2026) reframes AI risk around autonomy. What changed from the LLM list, and how to…
AI SecurityAutonomous AI Red-Team Tools 2026
–
AI SecurityAI-Enhanced VAPT: How Human + Machine Red Teaming Works in 2026
AI does the tireless enumeration; humans do the creative exploitation. How AI-enhanced VAPT actually works.
AI SecurityThe First AI-Developed Exploit: What an AI-Built 2FA Bypass Means for Defenders
AI just wrote a working exploit to bypass 2FA. The bar for exploit development dropped — here is the realistic threat picture.
AI SecurityPyRIT: Microsoft’s Python Risk Identification Tool for Generative AI
PyRIT gives red-teamers a programmable framework — orchestrators, prompt converters, and scorers — to automate generative-AI attacks at scale.
AI SecurityMindgard and the Rise of AI-Native Offensive Security Platforms
A new category arrived in 2026: AI-native offensive security platforms that test models, agents, and multimodal apps continuously, inside the SDLC.
AI SecurityGarak: NVIDIA’s LLM Vulnerability Scanner — A Practitioner’s Guide
Garak probes LLMs for prompt injection, jailbreaks, toxicity, and data leakage with hundreds of built-in attack probes. A hands-on primer.
AI SecurityPromptfoo for Red Teamers: Automated GenAI Attack Testing in Your Pipeline
Promptfoo turns LLM red-teaming into repeatable, CI-friendly test suites — prompt injection, data leaks, and jailbreaks on every build.